🔐Inherited Security & Audits

Solidly went through a partial (only the AMM part was sent for audit) security audit in January 30, 2022. The audit was done by PeckShield and did reveal 5 low-severity and 1 informal findings.

The full audit is available for download from Solidly git repository.

Velodrome Finance went through a security audit and a peer review as part of the Code4rena bug bouncy contest. Finally, a full MythX deep scan on Velodrome contracts found just a handful of false-positive, low-severity issues reported.

The Code4rena contest results were released on August 8, 2022 and are available here. All high- or medium-risk issues were either resolved pre-deploy, except for one known issue (users can claim eligible rewards from ExternalBribe contracts more than once) that's currently being addressed (via a wrapped contract solution). No user funds are at risk from this vulnerability, and protocols who wish to deposit external bribes should get in contact with the core team to discuss alternative solutions. More information about our C4 contest can be found here.

Lastly, we also engaged with Coelacanth (@ImpossibleNFT) for an informal full audit. Reports from that audit are available here.